Hi,
I have a problem with the GenericHandler user LDAP authentication (Search mode). If I configure the handler to establish a non-secure connection to the LDAP server, everything is fine. Here are the logs:
initializing CAS GenericHandler Logger...
configuration file LoggerConf.xml is missing!
CAS GenericHandler Logger configuration file is missing, setting default configuration...
done.
0 [TP-Processor4] INFO CASGH - reading configuration file...
289 [TP-Processor4] DEBUG CASGH - Debugging mode set to "on".
290 [TP-Processor4] DEBUG CASGH - found an LDAP handler.
301 [TP-Processor4] DEBUG CASGH - => BindLdapHandler::<init>()
301 [TP-Processor4] DEBUG CASGH - <=
305 [TP-Processor4] DEBUG CASGH - => BindLdapServer::<init>()
305 [TP-Processor4] DEBUG CASGH - <=
305 [TP-Processor4] INFO CASGH - configuration file read without any error.
305 [TP-Processor4] DEBUG CASGH - => RedundantHandler::authenticate()
306 [TP-Processor4] DEBUG CASGH - | => BindLdapServer::authenticate()
306 [TP-Processor4] DEBUG CASGH - | | => LdapServer::connect()
307 [TP-Processor4] DEBUG CASGH - | | | connecting to the LDAP directory (url=`ldap://ldap.myserver.fr:389/', username=`cn=admin,dc=myserver,dc=fr')...
361 [TP-Processor4] DEBUG CASGH - | | | connection succeeded.
361 [TP-Processor4] DEBUG CASGH - | | <= ok
361 [TP-Processor4] DEBUG CASGH - | | creating search constraints...
362 [TP-Processor4] DEBUG CASGH - | | searching into the LDAP directory...
362 [TP-Processor4] DEBUG CASGH - | | => LdapServer::replaceTokens()
364 [TP-Processor4] DEBUG CASGH - | | <= uid=crivac
375 [TP-Processor4] DEBUG CASGH - | | username found, trying to bind...
376 [TP-Processor4] DEBUG CASGH - | | => LdapServer::connect()
376 [TP-Processor4] DEBUG CASGH - | | | connecting to the LDAP directory (url=`ldap://ldap.myserver.fr:389/', username=`uid=myusername,ou=CRI,dc=myserver,dc=fr')...
387 [TP-Processor4] DEBUG CASGH - | | | connection succeeded.
387 [TP-Processor4] DEBUG CASGH - | | <= ok
387 [TP-Processor4] DEBUG CASGH - | | Bind succeeded.
387 [TP-Processor4] DEBUG CASGH - | <= AUTHENTICATE_SUCCESS
387 [TP-Processor4] DEBUG CASGH - | server matched.
387 [TP-Processor4] DEBUG CASGH - <= SUCCEDED
387 [TP-Processor4] INFO CASGH - authentication succeeded for user `myusername'.
However, if I try to configure the GenericHandler to connect to the LDAP through a secure connection, it fails:
initializing CAS GenericHandler Logger...
configuration file LoggerConf.xml is missing!
CAS GenericHandler Logger configuration file is missing, setting default configuration...
done.
0 [TP-Processor4] INFO CASGH - reading configuration file...
291 [TP-Processor4] DEBUG CASGH - Debugging mode set to "on".
293 [TP-Processor4] DEBUG CASGH - found an LDAP handler.
303 [TP-Processor4] DEBUG CASGH - => BindLdapHandler::<init>()
304 [TP-Processor4] DEBUG CASGH - <=
306 [TP-Processor4] DEBUG CASGH - => BindLdapServer::<init>()
307 [TP-Processor4] DEBUG CASGH - <=
307 [TP-Processor4] INFO CASGH - configuration file read without any error.
307 [TP-Processor4] DEBUG CASGH - => RedundantHandler::authenticate()
308 [TP-Processor4] DEBUG CASGH - | => BindLdapServer::authenticate()
308 [TP-Processor4] DEBUG CASGH - | | => LdapServer::connect()
309 [TP-Processor4] DEBUG CASGH - | | | connecting to the LDAP directory (url=`ldaps://ldap.myserver.fr:636/', username=`cn=admin,dc=myserver,dc=fr')...
421 [TP-Processor4] DEBUG CASGH - | | | connection succeeded.
421 [TP-Processor4] DEBUG CASGH - | | <= ok
422 [TP-Processor4] DEBUG CASGH - | | creating search constraints...
422 [TP-Processor4] DEBUG CASGH - | | searching into the LDAP directory...
423 [TP-Processor4] DEBUG CASGH - | | => LdapServer::replaceTokens()
425 [TP-Processor4] DEBUG CASGH - | | <= uid=myusername
430 [TP-Processor4] DEBUG CASGH - | | username found, trying to bind...
431 [TP-Processor4] DEBUG CASGH - | | => LdapServer::connect()
431 [TP-Processor4] DEBUG CASGH - | | | connecting to the LDAP directory (url=`ldaps://ldap.myserver.fr:636/', username=`uid=myusername,ou=MYOU,dc=myserver,dc=fr')...
The first bind to obtain the user dn is ok, but on the second bind the connection never gets established (this second connection doesn't appear in the ldap logs)... The web browser waits endlessly.
If I restart Tomcat (without stopping the web browser), the second LDAP request is processed and I get logged in. However, restarting Tomcat each time someone wants to log in is not an acceptable solution :)
Have you already met this issue?
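As an added example (not code from the ticket or from the CAS GenericHandler project), a small Python checker for the CASGH debug format quoted above: it pairs each `connecting to the LDAP directory` line with the following `connection succeeded.` line, reports the latency of connects that completed, and flags a connect that never got an outcome, which is exactly what the second ldaps bind shows. The log excerpt inside it is constructed from the lines in the post.

```python
import re

# Constructed excerpt in the CASGH debug-log format quoted in the ticket
# (the secure attempt): the first connect completes, the second never does.
SAMPLE_LOG = """\
308 [TP-Processor4] DEBUG CASGH - | | => LdapServer::connect()
309 [TP-Processor4] DEBUG CASGH - | | | connecting to the LDAP directory (url=`ldaps://ldap.myserver.fr:636/', username=`cn=admin,dc=myserver,dc=fr')...
421 [TP-Processor4] DEBUG CASGH - | | | connection succeeded.
421 [TP-Processor4] DEBUG CASGH - | | <= ok
430 [TP-Processor4] DEBUG CASGH - | | username found, trying to bind...
431 [TP-Processor4] DEBUG CASGH - | | => LdapServer::connect()
431 [TP-Processor4] DEBUG CASGH - | | | connecting to the LDAP directory (url=`ldaps://ldap.myserver.fr:636/', username=`uid=myusername,ou=MYOU,dc=myserver,dc=fr')...
"""

# One CASGH record: "<ms> [<thread>] <LEVEL> CASGH - <message>"
LINE_RE = re.compile(r"^(?P<ms>\d+) \[(?P<thread>[^\]]+)\] (?P<level>\w+) CASGH - (?P<msg>.*)$")
# The connect announcement, carrying the URL and the bind DN the handler is about to use.
CONNECT_RE = re.compile(
    r"connecting to the LDAP directory \(url=`(?P<url>[^']*)', username=`(?P<user>[^']*)'\)"
)

def analyse_connects(log_text):
    """Return (completed, stalled). A completed connect carries its latency in ms;
    a stalled one saw no 'connection succeeded.' before the next connect or the
    end of the log, i.e. the hang described in the ticket."""
    completed, stalled = [], []
    pending = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # logger banner lines are not records
        ms, msg = int(m["ms"]), m["msg"]
        c = CONNECT_RE.search(msg)
        if c:
            if pending is not None:  # previous connect never reported an outcome
                stalled.append(pending)
            pending = {"started_ms": ms, "url": c["url"], "user": c["user"]}
        elif pending is not None and "connection succeeded" in msg:
            pending["latency_ms"] = ms - pending["started_ms"]
            completed.append(pending)
            pending = None
    if pending is not None:  # log ended while a connect was still outstanding
        stalled.append(pending)
    return completed, stalled

if __name__ == "__main__":
    for c in analyse_connects(SAMPLE_LOG)[1]:
        print(f"stalled connect at {c['started_ms']} ms: {c['url']} as {c['user']}")
```

Run against a full CASGH log, a stalled entry whose DN is the user's (not the admin's) and whose URL is ldaps:// points at the second, user bind as the step that hangs.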
Hi Frédéric,
Sorry not to be able to help you: I haven't tested secured ldap connections yet (and got no material to do it). The secured attribute was introduced later, hoping somebody would make it work...
Did you see the recent discussions on the CAS mailing list on ldaps?
PA
Hi Pascal,
Thanks for your answer. I just subscribed to the CAS and ESUP lists. I didn't find the answer to my problem in the archives, but I'll try to see if I can help. For the moment, I bypassed the problem by installing the Tomcat server on the same machine as the LDAP server (and with secured=no).
Frederic